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14) Q Acknowledgment is made of a claim for domestic priority under 35 U.S.C. § 119(e) (to a provisional application). 

a) □ The translation of the foreign language provisional application has been received. 

15) D Acknowledgment is made of a claim for domestic priority under 35 U.S.C. §§ 120 and/or 121 . 
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Art Unit: 2134 

DETAILED ACTION 

1. Claims 1-63 are pending. 



Response to Arguments 

2. Applicants arguments have been considered but they are not persuasive. 
Applicant has argued the following on page 2, paragraph 1 : 

Applicants respectfully submit that the application amply describes the claimed method for 
control and maintenance of an operational structure and clearly and fully describes the 
computer hardware and software to enable a person skilled in the art to make and use the 
claimed invention without undue experimentation. In other words, the specification and 
drawings set forth in a clear, concise and exact manner apparatus that can be used to 
electronically practice the claimed invention. For example, Applicants refer the Examiner to 
page 1, lines 19-24 and page 2, lines 2-7 of Applicants* specification for a description of how the 
claimed invention may be applied in a computer system using electronic data and electronic 
transactions. Further, Applicants refer the Examiner to, for example, page 2, lines 16-20, page 
4, lines 12-22, page 11, lines 15-22, page 15, line 10 to page 16, line 2, page 18, lines 3-6, page 
19, lines 8-19 and the drawings for description and explanation of how the claimed invention 
may be implemented using computer hardware and software. With the teachings in the 
application, such as the state and flow diagrams, the associated disclosure in the specification 
and the specific description of applicable computer technology in the specification, a person 
skilled in the art should be able, without undue experimentation, to make and use the claimed 
invention, in particular to "electronically" practice the claimed invention. 

The Examiner contends that applicant's citations merely refer to the fact that various 
pieces of electronic hardware in an organization are involved. The specification and claims fail 
to provide any detail about how one of ordinary skill in the art is to implement and achieve the 
benefit Applicant claims beyond recite the fact that this operation takes place in an organization 
that comprises some electronic units. 



Claim 1 Recites: 
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A method for control and maintenance of an operational organization structure, the method 
comprising electronically: 

• Associating entities with cryptographic capabilities; 

• Organizing entities within the organizational structure as roles 

• Maintaining roles within the organization structure. 

The Examiner contends an adequate description of how to implement such a construct fails to be 
given. For example, how shall the two entities with cryptographic capabilities be associated? 
Shall they be associated with one another? Shall they be associated with a particular 
characteristic? 

How shall the organization structure be maintained? Shall they simply exist? Does applicant 
intend to record all the information of the organization structure to disk? Shall the roles be 
maintained by personal morals of the individuals in the organization, or shall they be enforced? 

Shall the method for control and maintenance use Object Oriented Programming? Shall this 
method rely most heavily on databases, or can a mere text file adequately maintain the roles and 
organized entities? Can the associations, the organizations, and roles be maintained by teaching 
everyone in a classroom what they are? 

Applicant (page 3, last paragraph - page 4, first paragraph) further argues with regards to the 
rejection under 102(b): 
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If the Examiner's position is that the operational organizational structure as claimed 
corresponds to the structure of the authentication system" as disclosed by Lampson et al, then 
Applicants respectfully submit that Lampson et al.fail to disclose, teach or suggest any method 
for control" and maintenance" of that structure. Lampson et al appears to merely disclose a 
static authentication system and the control that is discussed by Lampson et al is traditional 
access control provided within such an authentication system. 

The Examiner contends that regardless of the type of control Lampson discusses, the fact that 
Lampson discusses access control, nevertheless renders it as a method of control. 



Applicant further argues on page 4, last paragraph: 

The Examiner further argues that the roles that Lampson et al discusses are roles for 
principals, where principals themselves are "Entities. "Applicants respectfully submit, 
however, that this argument does not address how Lampson et al discloses, teaches or 
suggests organizing entities within an organization structure as roles, entities which have 
associated cryptographic capabilities. While Lampson et al discloses principals - entities in 
terms of the claimed method - having roles, Lampson et alfail to disclose, teach or suggest 
any method for organizing principals within an organizational structure, let alone organizing 
those principals with roles. The roles of principals discussed in Lampson et al appear to be 
predetermined and supplied to the authentication system of Lampson et al 

The Examiner contends that regardless of whether roles of Lampson et al. are predetermined or 
not, the roles are indeed "organized". 



Claim Rejections - 35 USC §101 

3. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or 
any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 
requirements of this title. 



4. 



Claims 1-63 rejected under 35 U.S.C. 101 because the subject matter is nonstatutory. 
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Independent claims 1, 16, 52 read as follows: 

A method for control and maintenance of an operational organization structure, the method comprising 
electronically: 

• Associating entities with cryptographic capabilities; 

• Organizing entities within the organizational structure as roles 

• Maintaining roles within the organization structure. 

A system for control and maintenance of an operational structure involving at least one cryptographic method, 

entities within organizations, characteristics of said entities and relationships between said entities, wherein the 

system comprises: 

Maintaining capabilities of entities 

Maintaining functions of entities 

Maintaining characteristics of entities 

Maintaining relationships of entities 

Changing the maintained said entities said characteristics and said relationships. 

A database system representing an organization involving directories representing entities, their characteristics, 
roles, and relationships together with their associations with cryptographic capabilities, the database system 
comprising the following transactional components: 

Connection to cryptographic authorities representing the cryptographic capabilities associated with said entities, 
said characteristics and said relationships. 

A maintenance system by which said database and said cryptographic authorities are maintained in coordination 
and by authorized parties assuring the representation of said organization and said cryptographic capabilities are 
soundly associated as defined by the coordination directives. 

Maintenance transactions acting within said maintenance system, maintaining a view representing an organization. 



However, the invention of the independent claims fail to produce a tangible, or concrete result. 
In fact, claim 1 and 52 fail to produce any result at all. 



MPEP 2 1 06 II A States: "The claimed invention as a whole must accomplish a practical application. That is, it 
must produce a "useful, concrete and tangible result " 



While the Examiner acknowledges the steps of associating, organizing, and maintaining, the 
Examiner holds that no concrete result has actually been achieved on these entities. The mere 
actions of associating, organizing, and maintaining are conceptual manipulations that reflect a 
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particular state of understanding or perspective. Because these are conceptual manipulations, 
they fail to provide concrete or physical results on the entities they are performed on. 

To the clarify the contention at hand, suppose the Examiner produces two oddly shaped entities. 
Suppose these two entities are oddly shaped constructions are similar to and reminiscent of 
Greco-Roman origin. "A" and "B" 

• Let us now associate these two constructions as part of a particular set. Let us call this 
set, the alphabet. 

• Let us now organize these oddly shaped entities to accept a particular role in the English 
language as letters of the alphabet to symbolize sounds and verbal enunciations. 

• Let us now maintain these roles of A and B within the organizational structure of the 
alphabet as part of a standard so that other people may use these letters too for future 
written communication. 

Certainly this manipulation and novel understanding of the symbols may be considered highly 
useful and significant, as history has shown. However, in order to satisfy the "new and useful 
requirement" of 35 USC 101, the Applicant must establish a concrete utility and not just a 
conceptual one. 

MPEP 2 1 06 II A clarifies this relationship by stating: " . . . the mere fact that the claim may satisfy the 
utility requirement of 35 U.S. C. 101 does not mean that a useful result is achieved under the practical application 
requirement. The claimed invention as a whole must produce a "useful, concrete and tangible" result to have a 
practical application. . ." 



Application/Control Number: 09/503,181 



Art Unit: 21 34 



Page 7 



Furthermore, the Examiner maintains that claim 52 is not enabled in the technological arts nor is 
it limited to a machine. It is uncertain whether applicant has intended to claim a machine or a 
process. 

Applicant has recited "a database system", but has failed to claim any computers or hardware in 
which the database is to be drawn to. In view of this fact, the database system of claim 52 
appears to be completely intangible. As a process claim, claim 52 fails to produce a concrete 
result, or any result at all, and therefore invalid as a process. As a machine, manufacture, or 
composition of matter, the system of claim 52 itself fails to be tangible, thereby invalidating it 
under 35 USC 101. 

While claim 16 does recite a change, the objects of manipulation recited in claim 16 are again 
drawn to the intangible concept of an organizational entity. Because of this, no concrete result is 
achieved. 

MPEP 2 1 06 II A states: "A process that consists solely of the manipulation of an abstract idea is not concrete 

or tangible. See/w re Warmerdam, 33 F.3d 1354, 1360, 31 USPQ2d 1754, 1759 (Fed. Cir. 1994). See also Schrader, 
22 F.3d at 295, 30 USPQ2d at 1459." 

MPEP 2106 IV B 2(b) is cited in part for Applicant's convenience: 



Application/Control Number: 09/503,181 Page 8 

Art Unit: 2134 

A claim that requires one or more acts to be performed defines a process. However, not all processes are statutory 
under 35 U.S.C. 101. Schrader, 22 F.3d at 296, 30 USPQ2d at 1460. To be statutory, a claimed computer-related 
process must either: (A) result in a physical transformation outside the computer for which a practical application in 
the technological arts is either disclosed in the specification or would have been known to a skilled artisan 
(discussed in i) below), or (B) be limited to a practical application within the technological arts (discussed in ii) 
below). See Diamond v. Diehr, 450 U.S. at 183-84, 209 USPQ at 6 (quoting Cochrane v. Deener, 94 U.S. 780, 787- 
88 (1877)) ("A [statutory] process is a mode of treatment of certain materials to produce a given result It is an act, 
or a series of acts, pa-formed upon the subject-matter to be transformed and reduced to a different state or thing 



Examples of claimed processes that do not achieve a practical application include: 

- step of "updating alarm limits" found to constitute changing the number value of a variable to 
represent the result of the calculation {Parker v. Flook, 437 U.S. 584, 585, 198 USPQ 193, 195 
(1978)); 

- final step of "equating" the process outputs to the values of the last set of process inputs found to 
constitute storing the result of calculations (In re Gelnovatch, 595 F.2d 32, 41 n.7, 201 USPQ 136, 
145 n.7 (CCPA 1979); and 

- step of "transmitting electrical signals representing" the result of calculations (In re De Castelet, 
562 F.2d 1236, 1244, 195 USPQ 439, 446 (CCPA 1977) ("That the compute is instructed to 
transmit electrical signals, representing the results of its calculations, does not constitute the type 
of 'post solution activity* found in Flook, [437 U.S. 584, 198 USPQ 193 (1978)], and does not 
transform the claim into one for a process merely using an algorithm. The final transmitting step 
constitutes nothing more than reading out the result of the calculations.")); and 

-step of displaying a calculation as a gray code scale (In reAbele, 684 F.2d 902, 908, 214 USPQ 
682, 687 (CCPA 1982)). 



"A claim is limited to a practical application when the method, as claimed, produces a concrete, tangible and useful 
result; i.e., the method recites a step or act of producing something that is concrete, tangible and useful. See AT&T, 
172 F.3d at 1358, 50 USPQ2d at 1452. Likewise, a machine claim is statutory when the machine, as claimed, 
produces a concrete, tangible and useful result" 
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Claim Rejections - 35 USC § 112 

5. The following is a quotation of the first paragraph of 35 U.S.C. 1 12: 

The specification shall contain a written description of the invention, and of the manner and process of making 
and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it 
pertains, or with which it is most nearly connected, to make and use the same and shall set forth the best mode 
contemplated by the inventor of carrying out his invention. 

Claims 1-63 are rejected under 35 U.S.C. 1 12, first paragraph, as failing to comply with 
the enablement requirement. The claim(s) contains subject matter which was not described in 
the specification in such a way as to enable one skilled in the art to which it pertains, or with 
which it is most nearly connected, to make and/or use the invention. The specification fails to 
illustrate how the method for control and maintenance of an operational organization structure is 
"electronically" implemented.. 

Claim 1 is further rejected under 35 U.S.C. 1 12, first paragraph, as based on a disclosure 
which is not enabling. Any subject matter illustrating how the method for control and 
maintenance may be implemented electronically are critical or essential to the practice of the 
invention, but not included in the claim(s) is not enabled by the disclosure. See In re Mayhew, 
527 F.2d 1229, 188 USPQ 356 (CCPA 1976). 

Claim Rejections - 35 USC §102 

6. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States. 
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7. Claims 1-10, 13-39, 41-44, 47-57, 59, 61-63 as best understood are rejected under 35 
U.S.C 102(b). 

In reference to claim 1 : 

Lampson et al. discloses a method for control and maintenance of an operational organizational 
structure, where the operational organizational structure is the organization structure of the 
distributed authentication system, the method comprising: 

Associating entities with cryptographic capabilities, where the certification authority is an entity 
associated with cryptographic capabilities; (Section 5. 1 p. 283-286) 

Organizing entities within the organizational structure as roles, and maintaining roles within the 
organizational structure, where an entity in organization structure can also be a Principal, and the 
example is given of the entity being organized as a role, where the role is manager, and the entity 
that is organized is Abadi. 

"Principals in Roles Abadi as Manager" (Section 2. Concepts P.268) 
In reference to claim 2: 

Lampson et al. (Section 4. 1 - Section 4.4 p. 275- 279) discloses a method wherein the method 
involves a public key infrastructure operation, where the public key infrastructure operation may 
be Encrypt, Decyrpt, or the selection of Keys. 

In reference to claim 3: 

Lampson et al. (Section 2. Concepts P.268) discloses a method wherein the control and 
maintenance further comprises: 
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Assigning elements in said organizational structure to roles within said organizational structure, 
where the element is a person/people and the role is a manager, and the elements are assigned 
these roles in the manner in which "Abadi" is assigned to be manager. 



In reference to claim 4: 

Lampson et al. (section 5.3 P. 290) discloses a method wherein the control and maintenance 
further comprises: 

Assigning elements in said organization structure to groups within said organizational structure, 
where a principal P may be a member of a group through a certificate which denotes 
membership. 

Claim 5 and 6 are rejected for the same reason as claim 4. 
In reference to claim 7: 

Lampson et al. (Section 9. Access Control . 305-308) discloses a method wherein said 
cryptographic method involves access control technology, where the access control technology is 
an access control list. 

Claim 8 is rejected for the same reason as claim 7. 
In reference to claim 9: 
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Lampson et al. (p. 270 1st paragraph) discloses a method where said cryptographic method 
involves at least a database operation, where a database is searched to justify access control 
decisions. 

In reference to claim 16: 

Lampson et al. discloses a system for control and maintenance of an operational structure 
involving at least: 

• one cryptographic method, where the cryptographic method is public key cryptography 
(Section 4. 1 - Section 4.4 p. 275- 279) 

• entities within organizations, characteristics of said entities and relationships between 
said entities, where the entities are principals. (Section 2. Concepts P.268) 

• where the capabilities, functions, characteristics, and relationships of entities 

are maintained and changed, where the changing is done through statements, and the statements 
denote actions that principals can say (Section 3.1- Section 4, pages 271-274) 

In reference to claim 17: 

Lampson et. al. (Section 2. Concepts, page 268) discloses a system where at least one of said 
entities is an individual in an organization under "People: Lampson, Abadi" 



In reference to claim 18: 
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Lampson et al. (Section 2. Concepts, page 268) discloses a system where at least one of said 
entities is a group of individuals in an organization. 

In reference to claim 19: 

Lampson et al. (Section 2. Concepts, page 268) discloses a system where at least one capability 
is a role in an organization. 

In reference to claim 20: 

Lampson et al. (Section 2. Concepts, page 268) discloses a system where at least one capability 
is a task in an organization. 

In reference to claim 21: 

Lampson et al. (Section 2. Concepts, page 268) discloses a system where at least one function is 
an operation by a functionary in an organization. 

In reference to claim 22: 

Lampson et al. (Section 2. Concepts, page 268) discloses a system where at least one function is 
an operation by a group of functionaries in an organization, where a group is a Principal and 
Principals may take on roles or "functions". 



In reference to claim 23: 
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Lampson et al. (p. 269 4 th paragraph and Section 5.2, p. 286-290) discloses a system where at 
least one of said characteristics and relationships is represented in a directory. 

In reference to claim 25: 

Lampson et al. (Figure 6, page 287) discloses a system where at least one of said characteristics 
and said relationships is represented in a public key infrastructure directory. 

In reference to claim 27: 

Lampson et al. (Figure 6, page 287) discloses a system where said system's operations involve 
updating at least one public key infrastructure directory, where the authentication tree 
demonstrates the public key infrastructure directory. 

In reference to claim 30: 

Lampson et. al (p.283) discloses a system where said changing of the said maintained elements 
comprises change of databases, where the elements are principals and the credentials of an 
element are looked up in the database. 

In reference to claim 3 1 : 

Lampson et. al (p.283) discloses a system where said changing of the said maintained elements 
comprises change of cryptographic certification information within the public key infrastructure 
directories and further database changes, where the elements are principals, and a change of 
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cryptographic certification information would change the credentials of the element in the 
database. 

In reference to claim 32: 

Lampson et. al. (Section 5.1, 5.2, p.283-290) discloses a system where said entities, said 
characteristics and said relationships are maintained by combining database components and 
components of certification authorities of a public key infrastructure, 
where the entities are principals and their characteristics and relationships are maintained by 
combining information from the database (the credentials of the entities) and the certificates 
provided by the certification authorities of the public key infrastructure. 

In reference to claim 33: 

Lampson et. al. (p. 269 4 th paragraph) discloses a system where said entities are represented in at 
least first directory, where the entities are principals and 

"/com/dec/ src/burrows and /com/dec/src/abadi" are first directories where the entities are 
represented 

(Section 5.2, Path Names and Multiple Authorities, p. 287-290) discloses a system where said 
characteristics and said relationships are represented in at least second directory, where the 
second directory is tree or directory of authentication, and the paths within the directory hold 
represent the cryptographic relationships between the entities. 

Claim 34 is rejected for the same reason as claim 33. 
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In reference to claim 37: 

Lampson et al. (Section 5.1, A single certification authority, p. 283-286) discloses a system 
where said system's operation is activated by at least one designated entity amongst said entities, 
where the one designated entity is principal A, in first initiating the transaction. 

In reference to claim 38: 

Lampson et. al. (Section 5.1, A single certification authority, p. 283-286) demonstrates a system 
where said system's operation is activated based on agreed upon rules, where the agreed upon 
rules are apparent in the operation of the users interacting with the certification authority. 

In reference to claim 42: 

Lampson et. al. (Section 5.2, Path Names and Multiple Authorities, p. 287-290) discloses a 
system where said characteristics and said relationships define authorization rules based on 
access structure, where the relationships defined by the authorization tree defines the 
authorization rules. 

Claims 43 and 44 are rejected for the same reason as claim 42. 
In reference to claim 47: 
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Lampson et al. (p.286, 2 nd paragraph) discloses a system with the additional operation of 
monitoring operations within a system, where a timestamp is well known in the art to be 
considered a monitoring operation. 

In reference to claim 48: 

Lampson et al. (p.286, 2 nd paragraph) discloses a system with the additional operations of time 
stamping operations within said system. 

In reference to claim 49: 

Lampson et al. discloses a system of authentication in distributed systems where it is understood 
that at least one of said system's operations is performed distributedly via communication. 
Lampson et al. (Section 5.1, A single certification authority, p. 283) specifically discloses 
contacting a certification authority as an operation performed distributedly. 

In reference to claim 50: 

Lampson et al. (p. 283) discloses a system where at least one of said system's operations is a 
distributed database operation. 

In reference to claim 52: 

Lampson et. al. (Section 5. 1, A single certification authority, p. 283 - 286) discloses database 
system representing an organization involving directories representing entities, their 
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characteristics, roles, and relationships together with their associations with cryptographic 
capabilities, the database system comprising following transactional components: 
Connection to cryptographic authorities representing the cryptographic capabilities associated 
with said entities, said characteristics, and said relationships, where the cryptographic authorities 
are certification authorities, and the entities are principals who communication to the CA's in 
cryptographic transactions. 

A maintenance system by which said database and said cryptographic authorities are maintained 
in coordination and by authorized parties assuring the representation of said organization and 
said cryptographic capabilities are soundly associated as defined by the coordination directives, 
where the maintenance of the authorizations is observed through the use of certification 
authorities, and using the database to check access control transactions. Lampson et al. (p. 270 1 st 
paragraph) 

Maintainance transactions acting within said maintenance system, maintaining view representing 
an organization, where the maintenance transaction are database accesses to justify granting 
accesses Lampson et al. (p. 270 1 st paragraph) 

In reference to claim 53: 

Lampson et. al. (Section 2, p. 268 - 270) discloses a system wherein said organization comprises 
a plurality of entities, where entities are principals. 



In reference to claim 54: 
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Lampson et. al (Section 5.2, Path Names and Multiple Authorities, p. 286-290) discloses a 
system wherein said cryptographic authorities is a plurality of at least one certification 
authorities. 

In reference to claim 56: 

Lampson et al. (Section 5.2, Path Names and Multiple Authorities, p. 286-290) discloses a 
system wherein said cryptographic authorities is a plurality of authorities organized 
hierarchically. 

In reference to claim 57: 

Lampson et al. (Section 9, Access Control, p. 305-307) discloses a system wherein said 
authorized parties are maintained by another instantiation of the system, where the other 
instantiation is the access control list. 

In reference to claim 59: 

Lampson et al. (Section 5.2, Path Names and Multiple Authorities, p. 283-286) discloses a 
system wherein said coordinating directives involve cryptographic fields assuring integrity of the 
operation, wherein the coordination of the entities with the certification authorities assure 
integrity of the operation 



In reference to claim 61 : 
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Lampson et. al. (p. 285) discloses a system wherein cryptographic capabilities involve digital 
certificates. 

In reference to claim 62: 

Lampson et. al. (Section 2, p. 268 - 270) discloses a system wherein said organization comprise 
various organizational units, where the organization is the distributed authentication system, and 
the organizational units are defined as Concepts and other such units as principals, people, 
machines, services groups, all of which comprise an organization. 

In reference to claim 63: 

Lampson et. al. (Section 2 and Section 3.1,3.2, p. 268 - 272) discloses a system wherein said 
organization comprise of various organizational units where entities are defined in one unit and 
their roles are defined within a second unit, where the concept of Principals comprises entities, 
and the roles are defined in a second concept, in statements. 

Claim Rejections - 35 USC §103 

8. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

9. Claims 11,12, 40, 45-46, 58, 60 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Lampson et. al. 
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In reference to claim 1 1 : 

Lampson et al. discloses a method for operational organizational structure for authentication in 
distributed systems however does not explicitly disclose a method wherein the operational 
organizational structure represents at least one commercial organization. 

Lampson et al. additionally reveals intent to do this as disclosed in (Section 2. Concepts 
p.268) where some of the possible values for the groups are SRC and DEC employees. 

It would have been obvious to one of ordinary skill in the art to use this in distributed 
systems requiring cryptographic security, including commercial organizations given Lampson et 
al.'s intent to apply the model to any kind of distributed system requiring authentication, 
including commercial organizations. 

Claim 12 is rejected for the same reason as claim 1 1. 

In reference to claim 40: 

Lampson et al. (p. 283 - 290) discloses an instance of a database involving entities and 
relationship, but does not disclose an instance where the system's operation is a database 
maintenance operation. 

The examiner takes official notice that database maintenance operations are well known 
to those skilled in the art are necessary to maintain the function and integrity of databases. 
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It would have been obvious to one of ordinary skill in the art at the time of invention to 
include some instance where the operations being performed on the database were database 
maintenance operations given the need to maintain the database in some way. 

In reference to claim 45: 

The examiner takes official notice that logging system's operations are well known in the art. 

It would have been obvious to one of ordinary skill in the art at the time of invention to 
log the system operations of Lampson et. al.'s disclosure given the advantage of being able to 
have a formal record for the actions of the certification authorities and the logins by the users. 

Claim 46 is rejected for the same reason as claim 45. 

In reference to claim 58: 

Lampson et al. does not explicitly disclose a system wherein said authorized parties are assigned 
by management of said organization. However it is well understood in the art that the decision 
of cryptographic authorities to use, or the decision on the authorizations that certain party may 
have can only be granted by a higher authority. 

It would have been obvious to one of ordinary skill in the art at the time of invention to 
assign the authorized parties used in Lampson et al. by the management of the organization. 



In reference to claim 60: 
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Lampson et al. does not explicitly disclose a system wherein said maintaining view representing 
an organization may present different characteristics and components to different outside 
reviewers. 

The Unified Modeling Language (UML) 1.0 discloses different view representations of a 
particular model each subject to different reviews and each view presenting different 
characteristics and components. (UML Semantics version 1.0 5 p. 93-96) 

It would have been obvious to one of ordinary skill in the art at the time of invention to 
allow different aspects of the modeled system in Lampson et al. to be presented to different 
outside reviewers, given the advantage to observe one set of characteristics about the model to 
review only a particular aspect of the modeled system. 

Conclusion 

10. Any inquiry concerning this communication from the examiner should be directed to 
Thomas M Ho whose telephone number is (571)272-3835. The examiner can normally be 
reached on M-F from 9:30 AM - 6:00 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Gregory A. Morse can be reached on (571)272-3838. 

The Examiner may also be reached through email through Thornas.Ho6@uspto.gov 

Any inquiry of a general nature or relating to the status of this application or proceeding should 
be directed to the receptionist whose telephone number is (571)272-2100. 
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General Information/Receptionist Telephone: 571-272-2100 Fax:703-872-9306 
Customer Service Representative Telephone: 571-272-2100 Fax: 703-872-9306 



TMH 

March 1 st , 2005 
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